
Security Software

Security flaw found in Linux file compression library

Posted: 12:33 12 Mar 2002

Topics: Storage Management Software | Operating Systems | Security Flaws & Exploits | Open Source Software | Desktop Operating Systems | Linux

A potential security vulnerability has been reported in the widely used zlib compression library found in Linux systems.

The flaw could allow an attacker to take root control of the machine. Mark Cox, senior director of engineering at Red Hat, said the flaw is "potentially a big deal" because the library is widely used. Zlib provides compression algorithms designed to speed up network file transfers.

No known exploits of the flaw have been reported so far, he said. Vendors have been researching the problem for the past month and have created fixes. But Cox warned users against complacency. "This is a significant vulnerability," he said. "People should update their systems even if there's no intrusions yet. It's a simple fix, available now."

Dave Wreski, director at Guardian Digital, an open source security company, said every Linux installation is potentially affected.

"An exploit will certainly be developed for this," Wreski said. "It's just too great a risk."

The patches, available at the zlib Web site and Red Hat among others, fix the error condition that can cause the double-free.